On Fri, 2017-03-03 at 10:09 -0500, Hendrik Boom wrote:
> What default cryptographic identity would it use?
>
> -- hendrik

My notion is an email client should look for a keyring and if it can't find one it should default to creating a basic key and publishing it to one or more keyservers. Imagine if every message from $foobar mail client always had a signature attached. Now imagine that it also attached the public key on 1-1 emails. Just that would raise awareness of signed and encrypted email, creating a demand for other clients to chase the feature.

Now harvest any keys it gets by that method or by looking up in the keyservers. Then, instead of just signing, it can start signing and encrypting by default once it has a key for the receiver. Once all clients had adopted the feature, most personal email would be encrypted by default; combined with the current trend toward mail servers encrypting traffic between themselves, you get a lot of virtually untrackable traffic that would give the NSA fits.

No, normies with keys generated by default and no care put into protecting them would not be as secure as hard core types with their key material on external devices. But it would improve general security greatly at almost no expense.

Here is the kicker. It is an obvious idea yet exactly zero mail clients have ever done it. Not the big commercial ones like Outlook, Lotus Notes or Eudora, not the big free ones like Thunderbird or Evolution. Not even Pine or GNU's Emacs Mail. Zero is a magic number; when you see zero or infinity you always take another look at your figures to see if you made a mistake. Well, here is a suspicious zero.

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
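
The client behaviour proposed in the message above, written out as decision logic in an added example that is not part of the original post or of any mail client. Keys are opaque placeholder strings rather than real OpenPGP material, and the `Client` class, its method names and the example.org addresses are hypothetical.

```python
from dataclasses import dataclass, field
from email.utils import getaddresses


@dataclass
class Client:
    """Hypothetical mail client; keys are opaque strings, not real OpenPGP keys."""
    address: str
    own_key: str = ""
    known: dict = field(default_factory=dict)       # peer address -> public key
    keyserver: list = field(default_factory=list)   # stand-in for published keys

    def ensure_identity(self):
        # No key found: create a basic one and publish it.
        if not self.own_key:
            self.own_key = f"PUBKEY<{self.address}>"  # constructed placeholder
            self.keyserver.append(self.own_key)
        return self.own_key

    def plan_outgoing(self, to_header):
        # Decide how one outgoing message is protected.
        self.ensure_identity()
        rcpts = [addr.lower() for _, addr in getaddresses([to_header]) if addr]
        missing = [r for r in rcpts if r not in self.known]
        return {
            "sign": True,                            # every message carries a signature
            "attach_key": len(rcpts) == 1,           # public key only on 1-1 mail
            "encrypt": bool(rcpts) and not missing,  # needs a key for every receiver
            "missing_keys": missing,
        }

    def harvest(self, sender, attached_key):
        # Assumption: the first key seen for an address is kept; the post does
        # not say what happens when a different key shows up later.
        if attached_key:
            self.known.setdefault(sender.lower(), attached_key)


def demo():
    alice, bob = Client("alice@example.org"), Client("bob@example.org")
    first = alice.plan_outgoing("Bob <bob@example.org>")    # no key for bob yet
    bob.harvest(alice.address, alice.own_key if first["attach_key"] else "")
    reply = bob.plan_outgoing("alice@example.org")          # bob can now encrypt
    alice.harvest(bob.address, bob.own_key if reply["attach_key"] else "")
    second = alice.plan_outgoing("bob@example.org")
    group = alice.plan_outgoing("bob@example.org, carol@example.org")
    return first, reply, second, group


if __name__ == "__main__":
    for plan in demo():
        print(plan)
```

The group message shows the case the proposal implies but does not spell out: with one receiver's key missing, the message can only be signed, not encrypted.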